From 142f369443ea01931a0e5ec4fcd3a9e7f13bd951 Mon Sep 17 00:00:00 2001 From: mjl Date: Wed, 12 Jan 2000 05:02:10 +0000 Subject: [PATCH] Add necessary support routines for login.conf. --- distrib/sets/lists/base/shl.mi | 4 +- include/Makefile | 5 +- include/login_cap.h | 79 ++++ include/util.h | 3 +- lib/libutil/Makefile | 22 +- lib/libutil/login_cap.3 | 220 ++++++++++ lib/libutil/login_cap.c | 769 +++++++++++++++++++++++++++++++++ lib/libutil/securepath.3 | 57 +++ lib/libutil/securepath.c | 67 +++ lib/libutil/shlib_version | 4 +- share/man/man5/Makefile | 4 +- share/man/man5/login.conf.5 | 308 +++++++++++++ 12 files changed, 1528 insertions(+), 14 deletions(-) create mode 100644 include/login_cap.h create mode 100644 lib/libutil/login_cap.3 create mode 100644 lib/libutil/login_cap.c create mode 100644 lib/libutil/securepath.3 create mode 100644 lib/libutil/securepath.c create mode 100644 share/man/man5/login.conf.5 diff --git a/distrib/sets/lists/base/shl.mi b/distrib/sets/lists/base/shl.mi index b78d0960ef5f..0b2c3806af88 100644 --- a/distrib/sets/lists/base/shl.mi +++ b/distrib/sets/lists/base/shl.mi @@ -1,4 +1,4 @@ -# $NetBSD: shl.mi,v 1.50 1999/12/23 10:23:34 kleink Exp $ +# $NetBSD: shl.mi,v 1.51 2000/01/12 05:02:12 mjl Exp $ ./usr/lib/libamu.so.1.1 ./usr/lib/libbfd.so.3.0 ./usr/lib/libbz2.so.0.0 @@ -24,6 +24,6 @@ ./usr/lib/libtermcap.so.0.1 ./usr/lib/libtermlib.so.0.1 ./usr/lib/libusb.so.0.0 -./usr/lib/libutil.so.5.1 +./usr/lib/libutil.so.5.2 ./usr/lib/libwrap.so.0.2 ./usr/lib/libz.so.0.2 diff --git a/include/Makefile b/include/Makefile index 0ae65e0f8e68..fe2569d9c222 100644 --- a/include/Makefile +++ b/include/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.81 2000/01/10 16:58:37 kleink Exp $ +# $NetBSD: Makefile,v 1.82 2000/01/12 05:02:11 mjl Exp $ # @(#)Makefile 8.2 (Berkeley) 1/4/94 SRCTOP= .. @@ -11,7 +11,8 @@ SRCTOP= .. INCS= a.out.h ar.h assert.h bitstring.h bm.h cpio.h ctype.h db.h dirent.h \ disktab.h dlfcn.h err.h errno.h fmtmsg.h fnmatch.h fstab.h fts.h \ glob.h grp.h hesiod.h ieeefp.h iso646.h kvm.h langinfo.h libgen.h \ - limits.h link.h link_aout.h link_elf.h locale.h malloc.h math.h md4.h \ + limits.h link.h link_aout.h link_elf.h locale.h \ + login_cap.h malloc.h math.h md4.h \ memory.h mpool.h ndbm.h netdb.h netgroup.h nlist.h nl_types.h \ nsswitch.h paths.h pwd.h ranlib.h re_comp.h regex.h regexp.h \ resolv.h rmt.h search.h setjmp.h sgtty.h signal.h stab.h stddef.h \ diff --git a/include/login_cap.h b/include/login_cap.h new file mode 100644 index 000000000000..00b7da36e5ee --- /dev/null +++ b/include/login_cap.h @@ -0,0 +1,79 @@ +/* $NetBSD: login_cap.h,v 1.1 2000/01/12 05:02:11 mjl Exp $ */ + +/*- + * Copyright (c) 1995,1997 Berkeley Software Design, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Berkeley Software Design, + * Inc. + * 4. The name of Berkeley Software Design, Inc. may not be used to endorse + * or promote products derived from this software without specific prior + * written permission. + * + * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * BSDI login_cap.h,v 2.10 1997/08/07 21:35:19 prb Exp + */ + +#ifndef _LOGIN_CAP_H_ +#define _LOGIN_CAP_H_ + +#define LOGIN_DEFCLASS "default" +#define LOGIN_DEFSERVICE "login" +#define LOGIN_DEFUMASK 022 +#define _PATH_LOGIN_CONF "/etc/login.conf" + +#define LOGIN_SETGROUP 0x0001 /* Set group */ +#define LOGIN_SETLOGIN 0x0002 /* Set login */ +#define LOGIN_SETPATH 0x0004 /* Set path */ +#define LOGIN_SETPRIORITY 0x0008 /* Set priority */ +#define LOGIN_SETRESOURCES 0x0010 /* Set resource limits */ +#define LOGIN_SETUMASK 0x0020 /* Set umask */ +#define LOGIN_SETUSER 0x0040 /* Set user */ +#define LOGIN_SETALL 0x007f /* Set all. */ + +typedef struct { + char *lc_class; + char *lc_cap; + char *lc_style; +} login_cap_t; + +#include +__BEGIN_DECLS +struct passwd; + +login_cap_t *login_getclass __P((char *)); +void login_close __P((login_cap_t *)); +int login_getcapbool __P((login_cap_t *, char *, u_int)); +quad_t login_getcapnum __P((login_cap_t *, char *, quad_t, quad_t)); +quad_t login_getcapsize __P((login_cap_t *, char *, quad_t, quad_t)); +char *login_getcapstr __P((login_cap_t *, char *, char *, char *)); +quad_t login_getcaptime __P((login_cap_t *, char *, quad_t, quad_t)); + +int secure_path __P((char *)); +int setclasscontext __P((char *, u_int)); +int setusercontext __P((login_cap_t *, struct passwd *, uid_t, u_int)); + +__END_DECLS + +#endif + diff --git a/include/util.h b/include/util.h index 7fc6d07c3517..7e48eaf7ed18 100644 --- a/include/util.h +++ b/include/util.h @@ -1,4 +1,4 @@ -/* $NetBSD: util.h,v 1.14 1999/06/12 18:06:19 christos Exp $ */ +/* $NetBSD: util.h,v 1.15 2000/01/12 05:02:11 mjl Exp $ */ /*- * Copyright (c) 1995 @@ -86,6 +86,7 @@ int ttylock __P((const char *, int, pid_t *)); int ttyunlock __P((const char *)); int ttyaction __P((const char *, const char *, const char *)); char *ttymsg __P((struct iovec *, int, const char *, int)); +int secure_path __P((char *)); __END_DECLS #endif /* !_UTIL_H_ */ diff --git a/lib/libutil/Makefile b/lib/libutil/Makefile index 4dd1161803bb..c5b3ecd1df0c 100644 --- a/lib/libutil/Makefile +++ b/lib/libutil/Makefile @@ -1,19 +1,31 @@ -# $NetBSD: Makefile,v 1.23 1999/07/02 15:49:12 simonb Exp $ +# $NetBSD: Makefile,v 1.24 2000/01/12 05:02:10 mjl Exp $ # @(#)Makefile 8.1 (Berkeley) 6/4/93 LIB= util CPPFLAGS+=-DLIBC_SCCS -SRCS= fparseln.c getmaxpartitions.c getrawpartition.c login.c login_tty.c \ +SRCS= fparseln.c getmaxpartitions.c getrawpartition.c \ + login.c login_cap.c login_tty.c \ logout.c logwtmp.c opendisk.c passwd.c pw_scan.c pidfile.c pidlock.c \ - pty.c ttyaction.c ttymsg.c + pty.c securepath.c ttyaction.c ttymsg.c -MAN= fparseln.3 getmaxpartitions.3 getrawpartition.3 login.3 opendisk.3 \ - openpty.3 pidfile.3 pidlock.3 pw_init.3 pw_lock.3 ttyaction.3 ttymsg.3 +MAN= fparseln.3 getmaxpartitions.3 getrawpartition.3 \ + login.3 login_cap.3 opendisk.3 \ + openpty.3 pidfile.3 pidlock.3 pw_init.3 pw_lock.3 \ + securepath.3 ttyaction.3 ttymsg.3 .PATH: ${.CURDIR}/../libc/gen MLINKS+=login.3 logout.3 MLINKS+=login.3 logwtmp.3 +MKLINKS+=login_cap.3 login_getclass.3 +MKLINKS+=login_cap.3 login_getcapbool.3 +MKLINKS+=login_cap.3 login_getcapnum.3 +MKLINKS+=login_cap.3 login_getcapsize.3 +MKLINKS+=login_cap.3 login_getcapstr.3 +MKLINKS+=login_cap.3 login_getcaptime.3 +MKLINKS+=login_cap.3 login_close.3 +MKLINKS+=login_cap.3 setclasscontext.3 +MKLINKS+=login_cap.3 setusercontext.3 MLINKS+=openpty.3 login_tty.3 MLINKS+=openpty.3 forkpty.3 MLINKS+=pw_init.3 pw_edit.3 diff --git a/lib/libutil/login_cap.3 b/lib/libutil/login_cap.3 new file mode 100644 index 000000000000..1c5b899ecb67 --- /dev/null +++ b/lib/libutil/login_cap.3 @@ -0,0 +1,220 @@ +.\" $NetBSD: login_cap.3,v 1.1 2000/01/12 05:02:10 mjl Exp $ +.\" +.\" Copyright (c) 1996,1997 Berkeley Software Design, Inc. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Berkeley Software Design, +.\" Inc. +.\" 4. The name of Berkeley Software Design, Inc. may not be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" BSDI login_cap.3,v 1.4 1997/11/07 16:22:27 jch Exp +.\" +.Dd "July 16, 1996" +.Dt LOGIN_CAP 3 +.Os +.Sh NAME +.Nm login_getclass , +.Nm login_getcapbool , +.Nm login_getcapnum , +.Nm login_getcapsize , +.Nm login_getcapstr , +.Nm login_getcaptime , +.Nm login_close , +.Nm setclasscontext , +.Nm setusercontext +.Nd query login.conf database about a user class +.Sh LIBRARY +.Lb libutil +.Sh SYNOPSIS +.Fd #include +.Ft login_cap_t * +.Fn login_getclass "char *class" +.Ft int +.Fn login_getcapbool "login_cap_t *lc" "char *cap" "u_int def" +.Ft quad_t +.Fn login_getcapnum "login_cap_t *lc" "char *cap" "quad_t def" "quad_t err" +.Ft quad_t +.Fn login_getcapsize "login_cap_t *lc" "char *cap" "quad_t def" "quad_t err" +.Ft char * +.Fn login_getcapstr "login_cap_t *lc" "char *cap" "char *def" "char *err" +.Ft quad_t +.Fn login_getcaptime "login_cap_t *lc" "char *cap" "quad_t def" "quad_t err" +.Ft void +.Fn login_close "login_cap_t *lc" +.Ft int +.Fn setclasscontext "char *class" "u_int flags" +.Ft int +.Fn setusercontext "login_cap_t *lc" "struct passwd *pwd" "uid_t uid" "u_int flags" +.Sh DESCRIPTION +The +.Fn login_getclass +function extracts the entry specified by +.Ar class +(or +.Li default +if +.Ar class +is NULL or the empty string) +from +.Pa /etc/login.conf +(see +.Xr login.conf 5 ) . +If the entry is found, a +.Li login_cap_t +pointer is returned. +NULL is returned if the user class is not found. +When the +.Li login_cap_t +structure is no longer needed, is should be freed by the +.Fn login_close +function. +.Pp +Once +.Ar lc +has been returned by +.Fn login_getclass , +any of the other +.Fn login_* +functions may be called. +.Pp +The +.Fn login_getcapnum , +.Fn login_getcapsize , +.Fn login_getcapstr , +and +.Fn login_getcaptime +functions all query the database entry for a field named +.Ar cap . +If the field is found, its value is returned. If the field is not +found, the value specified by +.Ar def +is returned. +If an error is encountered while trying to find the field, +.Ar err +is returned. +See +.Xr login.conf 5 +for a discussion of the various textual forms the value may take. +The +.Fn login_getcapbool +function is slightly different. It returns +.Ar def +if no capabilities were found for this class (typically meaning that +the default class was used and the +.Li /etc/login.conf +file is missing). +It returns a non-zero value if +.Ar cap , +with no value, was found, +zero otherwise. +.Pp +The +.Fn setclasscontext +function takes +.Ar class , +the name of a user class, +and sets the resources defined by that class according to +.Ar flags. +Only the +.Nm LOGIN_SETPATH , +.Nm LOGIN_SETPRIORITY , +.Nm LOGIN_SETRESOURCES , +and +.Nm LOGIN_SETUMASK +bits are used. (See +.Fn setusercontext +below). +It returns 0 on success and -1 on failure. +.Pp +The +.Fn setusercontext +function +sets the resources according to +.Ar flags . +The +.Ar lc +argument, if not NULL, contains the class information that should +be used. +The +.Ar pwd +argument, if not NULL, provides information about the user. +Both +.Ar lc +and +.Ar pwd +cannot be NULL. +The +.Ar uid +argument is used in place of the user id contained in the +.Ar pwd +structure when calling +.Xr setuid 2 . +The various bits available to be or-ed together to make up +.Ar flags +are: +.Bl -tag -width LOGIN_SETRESOURCESXX +.It LOGIN_SETGROUP +Set the group id and call +.Xr initgroups 3 . +Requires the +.Xr pwd +field be specified. +.It LOGIN_SETLOGIN +Sets the login name by +.Xr setlogin 2 . +Requires the +.Ar pwd +field be specified. +.It LOGIN_SETPATH +Sets the +.Ev PATH +environment variable. +.It LOGIN_SETPRIORITY +Sets the priority by +.Xr setpriority 2 . +.It LOGIN_SETRESOURCES +Sets the various system resources by +.Xr setrlimit 2 . +.It LOGIN_SETUMASK +Sets the umask by +.Xr umask 2 . +.It LOGIN_SETUSER +Sets the user id to +.Ar uid +by +.Xr setuid 2 . +.It LOGIN_SETALL +Sets all of the above. +.El +.Sh SEE ALSO +.Xr setlogin 2 , +.Xr setpriority 2 , +.Xr setrlimit 2 , +.Xr setuid 2 , +.Xr umask 2 , +.Xr initgroups 3 , +.Xr secure_path 3 , +.Xr login.conf 5 diff --git a/lib/libutil/login_cap.c b/lib/libutil/login_cap.c new file mode 100644 index 000000000000..82fd7f29ddce --- /dev/null +++ b/lib/libutil/login_cap.c @@ -0,0 +1,769 @@ +/* $NetBSD: login_cap.c,v 1.1 2000/01/12 05:02:10 mjl Exp $ */ + +/*- + * Copyright (c) 1995,1997 Berkeley Software Design, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Berkeley Software Design, + * Inc. + * 4. The name of Berkeley Software Design, Inc. may not be used to endorse + * or promote products derived from this software without specific prior + * written permission. + * + * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * BSDI login_cap.c,v 2.13 1998/02/07 03:17:05 prb Exp + */ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +static char *classfiles[] = { _PATH_LOGIN_CONF, 0 }; +static void setuserpath __P((login_cap_t *, char *)); +static u_quad_t multiply __P((u_quad_t, u_quad_t)); +static u_quad_t strtolimit __P((char *, char **, int)); +static u_quad_t strtosize __P((char *, char **, int)); +static int gsetrl __P((login_cap_t *, int, char *, int type)); + +login_cap_t * +login_getclass(class) + char *class; +{ + login_cap_t *lc; + int res; + + for (res = 0; classfiles[res]; ++res) + if (secure_path(classfiles[res]) < 0) + return (0); + + if ((lc = malloc(sizeof(login_cap_t))) == NULL) { + syslog(LOG_ERR, "%s:%d malloc: %m", __FILE__, __LINE__); + return (0); + } + + lc->lc_cap = 0; + lc->lc_style = 0; + + if (class == NULL || class[0] == '\0') + class = LOGIN_DEFCLASS; + + if ((lc->lc_class = strdup(class)) == NULL) { + syslog(LOG_ERR, "%s:%d strdup: %m", __FILE__, __LINE__); + free(lc); + return (0); + } + + if ((res = cgetent(&lc->lc_cap, classfiles, lc->lc_class)) != 0 ) { + lc->lc_cap = 0; + switch (res) { + case 1: + syslog(LOG_ERR, "%s: couldn't resolve 'tc'", + lc->lc_class); + break; + case -1: + if ((res = open(classfiles[0], 0)) >= 0) + close(res); + if (strcmp(lc->lc_class, LOGIN_DEFCLASS) == NULL && + res < 0) + return (lc); + syslog(LOG_ERR, "%s: unknown class", lc->lc_class); + break; + case -2: + syslog(LOG_ERR, "%s: getting class information: %m", + lc->lc_class); + break; + case -3: + syslog(LOG_ERR, "%s: 'tc' reference loop", + lc->lc_class); + break; + default: + syslog(LOG_ERR, "%s: unexpected cgetent error", + lc->lc_class); + break; + } + free(lc->lc_class); + free(lc); + return (0); + } + return (lc); +} + +char * +login_getcapstr(lc, cap, def, e) + login_cap_t *lc; + char *cap; + char *def; + char *e; +{ + char *res; + int status; + + errno = 0; + + if (!lc->lc_cap) + return (def); + + switch (status = cgetstr(lc->lc_cap, cap, &res)) { + case -1: + return (def); + case -2: + syslog(LOG_ERR, "%s: getting capability %s: %m", + lc->lc_class, cap); + return (e); + default: + if (status >= 0) + return (res); + syslog(LOG_ERR, "%s: unexpected error with capability %s", + lc->lc_class, cap); + return (e); + } +} + +quad_t +login_getcaptime(lc, cap, def, e) + login_cap_t *lc; + char *cap; + quad_t def; + quad_t e; +{ + char *ep; + char *res, *sres; + int status; + quad_t q, r; + + errno = 0; + if (!lc->lc_cap) + return (def); + + switch (status = cgetstr(lc->lc_cap, cap, &res)) { + case -1: + return (def); + case -2: + syslog(LOG_ERR, "%s: getting capability %s: %m", + lc->lc_class, cap); + errno = ERANGE; + return (e); + default: + if (status >= 0) + break; + syslog(LOG_ERR, "%s: unexpected error with capability %s", + lc->lc_class, cap); + errno = ERANGE; + return (e); + } + + if (strcasecmp(res, "infinity") == 0) + return (RLIM_INFINITY); + + errno = 0; + + q = 0; + sres = res; + while (*res) { + r = strtoq(res, &ep, 0); + if (!ep || ep == res || + ((r == QUAD_MIN || r == QUAD_MAX) && errno == ERANGE)) { +invalid: + syslog(LOG_ERR, "%s:%s=%s: invalid time", + lc->lc_class, cap, sres); + errno = ERANGE; + return (e); + } + switch (*ep++) { + case '\0': + --ep; + break; + case 's': case 'S': + break; + case 'm': case 'M': + r *= 60; + break; + case 'h': case 'H': + r *= 60 * 60; + break; + case 'd': case 'D': + r *= 60 * 60 * 24; + break; + case 'w': case 'W': + r *= 60 * 60 * 24 * 7; + break; + case 'y': case 'Y': /* Pretty absurd */ + r *= 60 * 60 * 24 * 365; + break; + default: + goto invalid; + } + res = ep; + q += r; + } + return (q); +} + +quad_t +login_getcapnum(lc, cap, def, e) + login_cap_t *lc; + char *cap; + quad_t def; + quad_t e; +{ + char *ep; + char *res; + int status; + quad_t q; + + errno = 0; + if (!lc->lc_cap) + return (def); + + switch (status = cgetstr(lc->lc_cap, cap, &res)) { + case -1: + return (def); + case -2: + syslog(LOG_ERR, "%s: getting capability %s: %m", + lc->lc_class, cap); + errno = ERANGE; + return (e); + default: + if (status >= 0) + break; + syslog(LOG_ERR, "%s: unexpected error with capability %s", + lc->lc_class, cap); + errno = ERANGE; + return (e); + } + + if (strcasecmp(res, "infinity") == 0) + return (RLIM_INFINITY); + + errno = 0; + q = strtoq(res, &ep, 0); + if (!ep || ep == res || ep[0] || + ((q == QUAD_MIN || q == QUAD_MAX) && errno == ERANGE)) { + syslog(LOG_ERR, "%s:%s=%s: invalid number", + lc->lc_class, cap, res); + errno = ERANGE; + return (e); + } + return (q); +} + +quad_t +login_getcapsize(lc, cap, def, e) + login_cap_t *lc; + char *cap; + quad_t def; + quad_t e; +{ + char *ep; + char *res; + int status; + quad_t q; + + errno = 0; + + if (!lc->lc_cap) + return (def); + + switch (status = cgetstr(lc->lc_cap, cap, &res)) { + case -1: + return (def); + case -2: + syslog(LOG_ERR, "%s: getting capability %s: %m", + lc->lc_class, cap); + errno = ERANGE; + return (e); + default: + if (status >= 0) + break; + syslog(LOG_ERR, "%s: unexpected error with capability %s", + lc->lc_class, cap); + errno = ERANGE; + return (e); + } + + errno = 0; + q = strtolimit(res, &ep, 0); + if (!ep || ep == res || (ep[0] && ep[1]) || + ((q == QUAD_MIN || q == QUAD_MAX) && errno == ERANGE)) { + syslog(LOG_ERR, "%s:%s=%s: invalid size", + lc->lc_class, cap, res); + errno = ERANGE; + return (e); + } + return (q); +} + +int +login_getcapbool(lc, cap, def) + login_cap_t *lc; + char *cap; + u_int def; +{ + if (!lc->lc_cap) + return (def); + + return (cgetcap(lc->lc_cap, cap, ':') != NULL); +} + +void +login_close(lc) + login_cap_t *lc; +{ + if (lc) { + if (lc->lc_class) + free(lc->lc_class); + if (lc->lc_cap) + free(lc->lc_cap); + if (lc->lc_style) + free(lc->lc_style); + free(lc); + } +} + +#define CTIME 1 +#define CSIZE 2 +#define CNUMB 3 + +static struct { + int what; + int type; + char * name; +} r_list[] = { + { RLIMIT_CPU, CTIME, "cputime", }, + { RLIMIT_FSIZE, CSIZE, "filesize", }, + { RLIMIT_DATA, CSIZE, "datasize", }, + { RLIMIT_STACK, CSIZE, "stacksize", }, + { RLIMIT_RSS, CSIZE, "memoryuse", }, + { RLIMIT_MEMLOCK, CSIZE, "memorylocked", }, + { RLIMIT_NPROC, CNUMB, "maxproc", }, + { RLIMIT_NOFILE, CNUMB, "openfiles", }, + { RLIMIT_CORE, CSIZE, "coredumpsize", }, + { -1, 0, 0 } +}; + +static int +gsetrl(lc, what, name, type) + login_cap_t *lc; + int what; + char *name; + int type; +{ + struct rlimit rl; + struct rlimit r; + char name_cur[32]; + char name_max[32]; + + sprintf(name_cur, "%s-cur", name); + sprintf(name_max, "%s-max", name); + + if (getrlimit(what, &r)) { + syslog(LOG_ERR, "getting resource limit: %m"); + return (-1); + } + +#define RCUR r.rlim_cur +#define RMAX r.rlim_max + + switch (type) { + case CTIME: + RCUR = login_getcaptime(lc, name, RCUR, RCUR); + RMAX = login_getcaptime(lc, name, RMAX, RMAX); + rl.rlim_cur = login_getcaptime(lc, name_cur, RCUR, RCUR); + rl.rlim_max = login_getcaptime(lc, name_max, RMAX, RMAX); + break; + case CSIZE: + RCUR = login_getcapsize(lc, name, RCUR, RCUR); + RMAX = login_getcapsize(lc, name, RMAX, RMAX); + rl.rlim_cur = login_getcapsize(lc, name_cur, RCUR, RCUR); + rl.rlim_max = login_getcapsize(lc, name_max, RMAX, RMAX); + break; + case CNUMB: + RCUR = login_getcapnum(lc, name, RCUR, RCUR); + RMAX = login_getcapnum(lc, name, RMAX, RMAX); + rl.rlim_cur = login_getcapnum(lc, name_cur, RCUR, RCUR); + rl.rlim_max = login_getcapnum(lc, name_max, RMAX, RMAX); + break; + default: + return (-1); + } + + if (setrlimit(what, &rl)) { + syslog(LOG_ERR, "%s: setting resource limit %s: %m", + lc->lc_class, name); + return (-1); + } +#undef RCUR +#undef RMAX + return (0); +} + +int +setclasscontext(class, flags) + char *class; + u_int flags; +{ + int ret; + login_cap_t *lc; + + flags &= LOGIN_SETRESOURCES | LOGIN_SETPRIORITY | LOGIN_SETUMASK | + LOGIN_SETPATH; + + lc = login_getclass(class); + ret = lc ? setusercontext(lc, NULL, 0, flags) : -1; + login_close(lc); + return (ret); +} + +int +setusercontext(lc, pwd, uid, flags) + login_cap_t *lc; + struct passwd *pwd; + uid_t uid; + u_int flags; +{ + login_cap_t *flc; + quad_t p; + int i; + + flc = NULL; + + if (!lc && !(flc = lc = login_getclass(pwd ? pwd->pw_class : NULL))) + return (-1); + + /* + * Without the pwd entry being passed we cannot set either + * the group or the login. We could complain about it. + */ + if (pwd == NULL) + flags &= ~(LOGIN_SETGROUP|LOGIN_SETLOGIN); + + if (flags & LOGIN_SETRESOURCES) + for (i = 0; r_list[i].name; ++i) + if (gsetrl(lc, r_list[i].what, r_list[i].name, + r_list[i].type)) + /* XXX - call syslog()? */; + + if (flags & LOGIN_SETPRIORITY) { + p = login_getcapnum(lc, "priority", 0LL, 0LL); + + if (setpriority(PRIO_PROCESS, 0, (int)p) < 0) + syslog(LOG_ERR, "%s: setpriority: %m", lc->lc_class); + } + + if (flags & LOGIN_SETUMASK) { + p = login_getcapnum(lc, "umask", (quad_t) LOGIN_DEFUMASK, + (quad_t) LOGIN_DEFUMASK); + umask((mode_t)p); + } + + if (flags & LOGIN_SETGROUP) { + if (setgid(pwd->pw_gid) < 0) { + syslog(LOG_ERR, "setgid(%d): %m", pwd->pw_gid); + login_close(flc); + return (-1); + } + + if (initgroups(pwd->pw_name, pwd->pw_gid) < 0) { + syslog(LOG_ERR, "initgroups(%s,%d): %m", + pwd->pw_name, pwd->pw_gid); + login_close(flc); + return (-1); + } + } + + if (flags & LOGIN_SETLOGIN) + if (setlogin(pwd->pw_name) < 0) { + syslog(LOG_ERR, "setlogin(%s) failure: %m", + pwd->pw_name); + login_close(flc); + return (-1); + } + + if (flags & LOGIN_SETUSER) + if (setuid(uid) < 0) { + syslog(LOG_ERR, "setuid(%d): %m", uid); + login_close(flc); + return (-1); + } + + if (flags & LOGIN_SETPATH) + setuserpath(lc, pwd ? pwd->pw_dir : ""); + + login_close(flc); + return (0); +} + +static void +setuserpath(lc, home) + login_cap_t *lc; + char *home; +{ + size_t hlen, plen; + int cnt = 0; + char *path; + char *p, *q; + + hlen = strlen(home); + + p = path = login_getcapstr(lc, "path", NULL, NULL); + if (p) { + while (*p) + if (*p++ == '~') + ++cnt; + plen = (p - path) + cnt * (hlen + 1) + 1; + p = path; + q = path = malloc(plen); + if (q) { + while (*p) { + p += strspn(p, " \t"); + if (*p == '\0') + break; + plen = strcspn(p, " \t"); + if (hlen == 0 && *p == '~') { + p += plen; + continue; + } + if (q != path) + *q++ = ':'; + if (*p == '~') { + strcpy(q, home); + q += hlen; + ++p; + --plen; + } + memcpy(q, p, plen); + p += plen; + q += plen; + } + *q = '\0'; + } else + path = _PATH_DEFPATH; + } else + path = _PATH_DEFPATH; + if (setenv("PATH", path, 1)) + warn("could not set PATH"); +} + +/* + * Convert an expression of the following forms + * 1) A number. + * 2) A number followed by a b (mult by 512). + * 3) A number followed by a k (mult by 1024). + * 5) A number followed by a m (mult by 1024 * 1024). + * 6) A number followed by a g (mult by 1024 * 1024 * 1024). + * 7) A number followed by a t (mult by 1024 * 1024 * 1024 * 1024). + * 8) Two or more numbers (with/without k,b,m,g, or t). + * seperated by x (also * for backwards compatibility), specifying + * the product of the indicated values. + */ +static +u_quad_t +strtosize(str, endptr, radix) + char *str; + char **endptr; + int radix; +{ + u_quad_t num, num2; + char *expr, *expr2; + + errno = 0; + num = strtouq(str, &expr, radix); + if (errno || expr == str) { + if (endptr) + *endptr = expr; + return (num); + } + + switch(*expr) { + case 'b': case 'B': + num = multiply(num, (u_quad_t)512); + ++expr; + break; + case 'k': case 'K': + num = multiply(num, (u_quad_t)1024); + ++expr; + break; + case 'm': case 'M': + num = multiply(num, (u_quad_t)1024 * 1024); + ++expr; + break; + case 'g': case 'G': + num = multiply(num, (u_quad_t)1024 * 1024 * 1024); + ++expr; + break; + case 't': case 'T': + num = multiply(num, (u_quad_t)1024 * 1024); + num = multiply(num, (u_quad_t)1024 * 1024); + ++expr; + break; + } + + if (errno) + goto erange; + + switch(*expr) { + case '*': /* Backward compatible. */ + case 'x': + num2 = strtosize(expr+1, &expr2, radix); + if (errno) { + expr = expr2; + goto erange; + } + + if (expr2 == expr + 1) { + if (endptr) + *endptr = expr; + return (num); + } + expr = expr2; + num = multiply(num, num2); + if (errno) + goto erange; + break; + } + if (endptr) + *endptr = expr; + return (num); +erange: + if (endptr) + *endptr = expr; + errno = ERANGE; + return (UQUAD_MAX); +} + +static +u_quad_t +strtolimit(str, endptr, radix) + char *str; + char **endptr; + int radix; +{ + if (strcasecmp(str, "infinity") == 0 || strcasecmp(str, "inf") == 0) { + if (endptr) + *endptr = str + strlen(str); + return ((u_quad_t)RLIM_INFINITY); + } + return (strtosize(str, endptr, radix)); +} + +static u_quad_t +multiply(n1, n2) + u_quad_t n1; + u_quad_t n2; +{ + static int bpw = 0; + u_quad_t m; + u_quad_t r; + int b1, b2; + + /* + * Get rid of the simple cases + */ + if (n1 == 0 || n2 == 0) + return (0); + if (n1 == 1) + return (n2); + if (n2 == 1) + return (n1); + + /* + * sizeof() returns number of bytes needed for storage. + * This may be different from the actual number of useful bits. + */ + if (!bpw) { + bpw = sizeof(u_quad_t) * 8; + while (((u_quad_t)1 << (bpw-1)) == 0) + --bpw; + } + + /* + * First check the magnitude of each number. If the sum of the + * magnatude is way to high, reject the number. (If this test + * is not done then the first multiply below may overflow.) + */ + for (b1 = bpw; (((u_quad_t)1 << (b1-1)) & n1) == 0; --b1) + ; + for (b2 = bpw; (((u_quad_t)1 << (b2-1)) & n2) == 0; --b2) + ; + if (b1 + b2 - 2 > bpw) { + errno = ERANGE; + return (UQUAD_MAX); + } + + /* + * Decompose the multiplication to be: + * h1 = n1 & ~1 + * h2 = n2 & ~1 + * l1 = n1 & 1 + * l2 = n2 & 1 + * (h1 + l1) * (h2 + l2) + * (h1 * h2) + (h1 * l2) + (l1 * h2) + (l1 * l2) + * + * Since h1 && h2 do not have the low bit set, we can then say: + * + * (h1>>1 * h2>>1 * 4) + ... + * + * So if (h1>>1 * h2>>1) > (1<<(bpw - 2)) then the result will + * overflow. + * + * Finally, if MAX - ((h1 * l2) + (l1 * h2) + (l1 * l2)) < (h1*h2) + * then adding in residual amout will cause an overflow. + */ + + m = (n1 >> 1) * (n2 >> 1); + + if (m >= ((u_quad_t)1 << (bpw-2))) { + errno = ERANGE; + return (UQUAD_MAX); + } + + m *= 4; + + r = (n1 & n2 & 1) + + (n2 & 1) * (n1 & ~(u_quad_t)1) + + (n1 & 1) * (n2 & ~(u_quad_t)1); + + if ((u_quad_t)(m + r) < m) { + errno = ERANGE; + return (UQUAD_MAX); + } + m += r; + + return (m); +} + diff --git a/lib/libutil/securepath.3 b/lib/libutil/securepath.3 new file mode 100644 index 000000000000..d7d87518b8ab --- /dev/null +++ b/lib/libutil/securepath.3 @@ -0,0 +1,57 @@ +.\" $NetBSD: securepath.3,v 1.1 2000/01/12 05:02:10 mjl Exp $ +.\" +.\" Copyright (c) 1996,1997 Berkeley Software Design, Inc. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Berkeley Software Design, +.\" Inc. +.\" 4. The name of Berkeley Software Design, Inc. may not be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" BSDI login_cap.3,v 1.4 1997/11/07 16:22:27 jch Exp +.\" +.Dd "July 16, 1996" +.Dt SECUREPATH 3 +.Os +.Sh NAME +.Nm secure_path , +.Nd determine if a file appears to be secure +.Sh LIBRARY +.Lb libutil +.Sh SYNOPSIS +.Fd #include +.Ft int +.Fn secure_path "char *path" +.Sh DESCRIPTION +The +.Fn secure_path +function takes a path name and returns 0 if the path name is secure, -1 +if not. +To be secure a path must +exist, +be a regular file (and not a directory), +owned by root, +and only writable by the owner (root). +.El diff --git a/lib/libutil/securepath.c b/lib/libutil/securepath.c new file mode 100644 index 000000000000..a5f33ce7ce0b --- /dev/null +++ b/lib/libutil/securepath.c @@ -0,0 +1,67 @@ +/* $NetBSD: securepath.c,v 1.1 2000/01/12 05:02:10 mjl Exp $ */ + +/*- + * Copyright (c) 1995,1997 Berkeley Software Design, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Berkeley Software Design, + * Inc. + * 4. The name of Berkeley Software Design, Inc. may not be used to endorse + * or promote products derived from this software without specific prior + * written permission. + * + * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * BSDI login_cap.c,v 2.13 1998/02/07 03:17:05 prb Exp + */ + + +#include +#include + +#include +#include + +int +secure_path(char *path) +{ + struct stat sb; + + /* + * If not a regular file, or is owned/writeable by someone + * other than root, quit. + */ + if (lstat(path, &sb) < 0) { + syslog(LOG_ERR, "cannot stat %s: %m", path); + return (-1); + } else if (!S_ISREG(sb.st_mode)) { + syslog(LOG_ERR, "%s: not a regular file", path); + return (-1); + } else if (sb.st_uid != 0) { + syslog(LOG_ERR, "%s: not owned by root", path); + return (-1); + } else if (sb.st_mode & (S_IWGRP | S_IWOTH)) { + syslog(LOG_ERR, "%s: writeable by non-root", path); + return (-1); + } + return (0); +} diff --git a/lib/libutil/shlib_version b/lib/libutil/shlib_version index 4d3919075074..798cb91c7b51 100644 --- a/lib/libutil/shlib_version +++ b/lib/libutil/shlib_version @@ -1,5 +1,5 @@ -# $NetBSD: shlib_version,v 1.19 1999/06/06 01:50:01 thorpej Exp $ +# $NetBSD: shlib_version,v 1.20 2000/01/12 05:02:10 mjl Exp $ # Remember to update distrib/sets/lists/base/shl.* when changing # major=5 -minor=1 +minor=2 diff --git a/share/man/man5/Makefile b/share/man/man5/Makefile index 2c826161c2db..948ed31918b5 100644 --- a/share/man/man5/Makefile +++ b/share/man/man5/Makefile @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.30 1999/02/17 00:08:42 lukem Exp $ +# $NetBSD: Makefile,v 1.31 2000/01/12 05:02:12 mjl Exp $ # @(#)Makefile 8.1 (Berkeley) 6/5/93 # missing: dump.5 plot.5 MAN= a.out.5 acct.5 ar.5 core.5 daily.conf.5 dir.5 disktab.5 ethers.5 fs.5 \ fstab.5 genassym.cf.5 group.5 hesiod.conf.5 hosts.5 hosts.equiv.5 \ - ifaliases.5 intro.5 ld.so.conf.5 link.5 lkm.conf.5 mk.conf.5 \ + ifaliases.5 intro.5 ld.so.conf.5 link.5 lkm.conf.5 login.conf.5 mk.conf.5 \ monthly.conf.5 motd.5 netgroup.5 networks.5 nsswitch.conf.5 passwd.5 \ phones.5 printcap.5 protocols.5 ranlib.5 rc.conf.5 remote.5 \ resolv.conf.5 rpc.5 security.conf.5 services.5 shells.5 stab.5 \ diff --git a/share/man/man5/login.conf.5 b/share/man/man5/login.conf.5 new file mode 100644 index 000000000000..202ee736e630 --- /dev/null +++ b/share/man/man5/login.conf.5 @@ -0,0 +1,308 @@ +.\" $NetBSD: login.conf.5,v 1.1 2000/01/12 05:02:12 mjl Exp $ +.\" +.\" Copyright (c) 1995,1996,1997 Berkeley Software Design, Inc. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Berkeley Software Design, +.\" Inc. +.\" 4. The name of Berkeley Software Design, Inc. may not be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" BSDI login.conf.5,v 2.19 1998/02/19 23:39:39 prb Exp +.\" +.Dd February 23, 1995 +.Dt LOGIN.CONF 5 +.Os +.Sh NAME +.Nm login.conf +.Nd login class capability data base +.Sh SYNOPSIS +.Nm /etc/login.conf +.Sh DESCRIPTION +The +.Nm login.conf +file describes the various attributes of login classes. +A login class determines what styles of authentication are available +as well as session resource limits and environment setup. +While designed primarily for the +.Xr login 8 +program, +it is also used by other programs, e.g., +.Xr rexecd 8 , +which need to set up a user environment. +.Sh CAPABILITIES +Refer to +.Xr getcap 3 +for a description of the file layout. +All entries in the +.Nm login.conf +file are either boolean or use a `=' to separate the capability +from the value. +The types are described after the capability table. +.Bl -column minpasswordlenxx programxx xusxbin +.Sy Name Type Default Description +.\" +.\"XX .sp +.\"XX .It copyright Ta file Ta "" Ta +.\"XX File containing additional copyright information. +.\" +.\"XX .sp +.\"XX .It coredumpsize Ta size Ta "" Ta +.\"XX Maximum coredump size limit. +.\" +.\"XX .sp +.\"XX .It cputime Ta time Ta "" Ta +.\"XX CPU usage limit. +.\" +.\"XX .sp +.\"XX .It datasize Ta size Ta "" Ta +.\"XX Maximum data size limit. +.\" +.\"XX .sp +.\"XX .It expireperiod Ta time Ta "" Ta +.\"XX Time for expiry allocation. +.\"XX .sp +.\"XX .It filesize Ta size Ta "" Ta +.\"XX Maximum file size limit. +.\" +.\"XX .sp +.\"XX It hushlogin Ta bool Ta Dv false Ta +.\"XX Same as having a +.\"XX .Pa $HOME/.hushlogin +.\"XX file. +.\"XX See +.\"XX .Xr login 8 . +.\" +.\"XX .sp +.\"XX .It ignorenologin Ta bool Ta Dv false Ta +.\"XX Not affected by +.\"XX .Pa nologin +.\"XX files. +.\"XX See +.\"XX .Xr login 8 . +.\"XX .\" +.\"XX .sp +.\"XX .It stacksize Ta size Ta "" Ta +.\"XX Maximum stack size limit. +.\"XX .\" +.\"XX .sp +.\"XX .It maxproc Ta number Ta "" Ta +.\"XX Maximum number of process. +.\" +.\"XX .sp +.\"XX .It memorylocked Ta size Ta "" Ta +.\"XX Maximum locked in core memory size limit. +.\" +.\"XX .sp +.\"XX .It memoryuse Ta size Ta "" Ta +.\"XX Maximum in core memoryuse size limit. +.\" +.sp +.It minpasswordlen Ta number Ta "" Ta +The minimum length a local password may be. +Used by the +.Xr passwd 1 +utility. +.\" +.\"XX .sp +.\"XX .It nologin Ta file Ta "" Ta +.\"XX If the file exists it will be displayed +.\"XX and the login session will be terminated. +.\" +.\"XX .sp +.\"XX .It openfiles Ta number Ta "" Ta +.\"XX Maximum number of open files per process. +.\" +.\"XX .sp +.\"XX .It password-dead Ta time Ta Dv 0 Ta +.\"XX Length of time a password may be expired but not quite dead yet. +.\"XX When set (for both the client and remote server machine when doing +.\"XX remote authentication), a user is allowed to log in just one more +.\"XX time after their password (but not account) has expired. This allows +.\"XX a grace period for updating their password. +.\" +.sp +.It passwordtime Ta time Ta "" Ta +Used by passwd(1) to set next password expiry date. +.\"XX .sp +.\"XX .It password-warn Ta time Ta Dv 2w Ta +.\"XX If the user's password will expire within this length of time then +.\"XX warn the user of this. +.\" +.\"XX .sp +.\"XX .It path Ta path Ta Dv "/bin /usr/bin" Ta +.\"XX .br +.\"XX Default search path. +.\" +.\"XX .sp +.\"XX .It priority Ta number Ta "" Ta +.\"XX Initial priority (nice) level. +.\" +.\"XX .sp +.\"XX .It requirehome Ta bool Ta Dv false Ta +.\"XX Require home directory to login. +.\" +.\"XX .sp +.\"XX .It shell Ta program Ta "" Ta +.\"XX Session shell to execute rather than the shell specified in the password file. +.\"XX The +.\"XX .Ev SHELL +.\"XX environment variable will contain the shell specified in the password file. +.\" +.\"XX .sp +.\"XX .It term Ta string Ta Dv su Ta +.\"XX Default terminal type if not able to determine from other means. +.\" +.\"XX .sp +.\"XX .It umask Ta number Ta Dv 022 Ta +.\"XX Initial umask. +.\"XX Should always have a leading +.\"XX .Li 0 +.\"XX to assure octal interpretation. +.\"XX See +.\"XX .Xr umask 2 . +.\" +.\"XX .sp +.\"XX .It welcome Ta file Ta Pa /etc/motd Ta +.\"XX File containing welcome message. +.El +.\"XX .Pp +.\"XX The resource limit entries +.\"XX .No ( Ns Va cputime , filesize , datasize , stacksize , coredumpsize , +.\"XX .Va memoryuse , memorylocked , maxproc , +.\"XX and +.\"XX .Va openfiles ) +.\"XX actually specify both the maximum and current limits (see +.\"XX .Xr getrlimit 2 ). +.\"XX The current limit is the one normally used, +.\"XX although the user is permitted to increase the current limit to the +.\"XX maximum limit. +.\"XX The maximum and current limits may be specified individually by appending +.\"XX a +.\"XX .Va \-max +.\"XX or +.\"XX .Va \-cur +.\"XX to the capability name (e.g., +.\"XX .Va openfiles-max +.\"XX and +.\"XX .Va openfiles-cur Ns No ). +.Pp +\*(oSwill never define capabilities which start with +Li x- +or +.Li X- , +these are reserved for external use (unless included through contributed +software). +.Pp +The argument types are defined as: +.Bl -tag -width programxx +.\" +.It file +Path name to a text file. +.\" +.It list +A comma separated list of values. +.\" +.It number +A number. A leading +.Li 0x +implies the number is expressed in hexadecimal. +A leading +.Li 0 +implies the number is expressed in octal. +Any other number is treated as decimal. +.\" +.It path +A space separated list of path names. +If a +.Li ~ +is the first character in the path name, the +.Li ~ +is expanded to the user's home directory. +.\" +.It program +A path name to program. +.\" +.It size +A +.Va number +which expresses a size in bytes. +It may have a trailing +.Li b +to multiply the value by 512, a +.Li k +to multiply the value by 1 K (1024), and a +.Li m +to multiply the value by 1 M (1048576). +.\" +.It time +A time in seconds. +A time may be expressed as a series of numbers +which are added together. +Each number may have a trailing character to +represent time units: +.Bl -tag -width xxx +.\" +.It y +Indicates a number of 365 day years. +.\" +.It w +Indicates a number of 7 day weeks. +.\" +.It d +Indicates a number of 24 hour days. +.\" +.It h +Indicates a number of 60 minute hours. +.\" +.It m +Indicates a number of 60 second minutes. +.\" +.It s +Indicates a number of seconds. +.El +.Pp +For example, to indicate 1 and 1/2 hours, the following string +could be used: +.Li 1h30m . +.El +.\" +.Pp +The class to be used is normally determined by the +.Li class +field in the password file (see +.Xr passwd 5 ). +.Pp +The class is used to look up a corresponding entry in the +.Pa login.conf +file. +.Sh SEE ALSO +.Xr getcap 3 , +.Xr login_cap 3 , +.Xr ttys 5 , +.Xr ftpd 8 , +.Xr login 8 +